Securacy: An empirical investigation of android applications' network usage, privacy and security

Proceedings of the 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2015

Volumn , Issue , 2015, Pages

  Ferreira, Denzil ^a   Kostakos, Vassilis ^a   Beresford, Alastair R ^b   Lindqvist, Janne ^c   Dey, Anind K ^d  

^a UNIVERSITY OF OULU   (Finland)

^b UNIVERSITY OF CAMBRIDGE   (United Kingdom)

^c RUTGERS UNIVERSITY   (United States)

^d CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

Applications; Context; Experience sampling; Network; Privacy

Indexed keywords

EID: 84962016918     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2766498.2766506     Document Type: Conference Paper

References (56)

1. th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 2013, 97-110.
2. rd ACM Symposium on Operating Systems Principles. ACM, 2011, 173-187.
3. Backes, M., Gerling, S., Hammer, C., Maffei, M. and Styp-Rekowsky, P.V. AppGuard - Enforcing User Requirements on Android Apps. In Tools and Algorithms for the Construction and Analysis of Systems. Springer Berlin Heidelberg, 2013, 543-548.
4. th Symposium on Usable Privacy and Security. ACM, 2013, 12:1-12:11.
5. BBC News - Can Europe go its own way on data privacy?. http://www.bbc.com/news/technology-26228176, retrieved 23/01/2015.
6. Becher, M., Freiling, F.C., Hoffmann, J., Holz, T., et al. Mobile Security Catching Up? Revealing the Nuts and Bolts of the Security of Mobile Devices. In Symposium on Security and Privacy. IEEE, 2011, 96-111.
7. Benenson, Z., Gassmann, F. and Reinfelder, L. Android and iOS Users' Differences Concerning Security and Privacy. In CHI '13 Extended Abstracts on Human Factors in Computing Systems. ACM, 2013, 817-822.
8. th Int. Workshop on Security and Social Networking. IEEE, 2013, 291-296.
9. th Workshop on Mobile Computing Systems and Applications. ACM, 2011, 49-54.
10. st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2011, 15-26.
11. Chan, H. and Perrig, A. Security and privacy in sensor networks. Computer 36, 10, 2003, 103-105.
12. Cisco Visual Networking Index Forecast Projects 18-Fold Growth in Global Mobile Internet Data Traffic From 2011 to 2016. http://newsroom.cisco.com/release/668380/Cisco-Visual-Networking-Index-Forecast-Projects-18-Fold-Growth-in-Global-Mobile-Internet-Data-Traffic-From-2011-to-2016, retrieved 05/09/2014.
13. Consolvo, S. and Walker, M. Using the experience sampling method to evaluate ubicomp applications. IEEE Pervasive Computing 2, 2, 2003, 24-31.
14. Dashboards for Android Developers. https://developer.android.com/about/dashboards/index.html, retrieved 1/05/2015.
15. Edward Snowden urges professionals to encrypt client communications. http://www.theguardian.com/world/2014/jul/17/edward-snowden-professionals-encrypt-client-communications-nsa-spy, retrieved 17/09/2014.
16. El-Khatib, K., Korba, L., Xu, Y. and Yee, G. Privacy and Security in E-Learning. International Journal of Distance Education Technologies (IJDET) 1, 4, 2003, 1-19.
17. Enck, W., Gilbert, P., Chun, B.-G., Cox, L.P., et al. TaintDroid: An Information-flow Tracking System for Realtime Privacy Monitoring on Smartphones. In Proceedings of the 9th USENIX Conference on Operating Systems Design and Implementation. USENIX Association, 2010, 1-6.
18. Fahl, S., Harbach, M., Muders, T., Baumgärtner, L., et al. Why Eve and Mallory Love Android: An Analysis of Android SSL (in)Security. In Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, 2012, 50-61.
19. Fahl, S., Harbach, M., Perl, H., Koetter, M. and Smith, M. Rethinking SSL Development in an Appified World. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. ACM, 2013, 49-60.
20. Felt, A.P., Egelman, S. and Wagner, D. I've Got 99 Problems, but Vibration Ain'T One: A Survey of Smartphone Users' Concerns. In Proceedings of the Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2012, 33-44.
21. Felt, A.P., Finifter, M., Chin, E., Hanna, S. and Wagner, D. A Survey of Mobile Malware in the Wild. In Proceedings of the 1st ACM Workshop on Security and Privacy in Smartphones and Mobile Devices. ACM, 2011, 3-14.
22. Ferreira, D., Ferreira, E., Goncalves, J., Kostakos, V. and Dey, A.K. Revisiting Human-Battery Interaction with an Interactive Battery Interface. In Ubicomp. ACM, 2013, 563-572.
23. Ferreira, D., Kostakos, V. and Dey, A.K. AWARE: mobile context instrumentation framework. Frontiers in ICT 2:6, (2015) DOI: 10.3389/fict.2015.00006.
24. Ferreira, D., Kostakos, V. and Dey, A.K. Lessons Learned from Large-Scale User Studies: Using Android Market as a Source of Data. International Journal of Mobile Human Computer Interaction 4, 3, 2012, 28-43.
25. Fu, B., Lin, J., Li, L., Faloutsos, C., et al. Why People Hate Your App: Making Sense of User Feedback in a Mobile App Store. In Proceedings of the 19th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining. ACM, 2013, 1276-1284.
26. Fu, H., Yang, Y., Shingte, N., Lindqvist, J. and Gruteser, M. A Field Study of Run-Time Location Access Disclosures on Android Smartphones. In USEC'14. 2014.
27. Hill, R., Hansen, M. and Singh, V. Quantifying and Classifying Covert Communications on Android. Mobile Networks and Applications 19, 1, 2014, 79-87.
28. Hornyack, P., Han, S., Jung, J., Schechter, S. and Wetherall, D. These Aren'T the Droids You'Re Looking for: Retrofitting Android to Protect Data from Imperious Applications. In Proceedings of the 18th ACM Conference on Computer and Communications Security. ACM, 2011, 639-652.
29. Hubaux, J.-P., Capkun, S. and Luo, J. The security and privacy of smart vehicles. IEEE Security & Privacy Magazine 2, LCA-ARTICLE-2004-007, 2004, 49-55.
30. IANA TCP/IP port specifications. http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml?&page=126, retrieved 14/03/2014.
31. th ACM Conference on Data and Application Security and Privacy. ACM, 2014, 99-110.
32. Kelley, P.G., Consolvo, S., Cranor, L.F., Jung, J., et al. A Conundrum of Permissions: Installing Applications on an Android Smartphone. In Financial Cryptography and Data Security. Springer Berlin Heidelberg, 2012, 68-79.
33. Kelley, P.G., Cranor, L.F. and Sadeh, N. Privacy As Part of the App Decision-making Process. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems. ACM, 2013, 3393-3402.
34. Kostakos, V., Venkatanathan, J., Reynolds, B., Sadeh, N., et al. Who's your best friend?: targeted privacy attacks in location-sharing social networks. In Ubicomp. ACM, 2011, 177-186.
35. Lin, J., Amini, S., Hong, J.I., Sadeh, N., et al. Expectation and Purpose: Understanding Users' Mental Models of Mobile App Privacy Through Crowdsourcing. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing. ACM, 2012, 501-510.
36. Manifest permissions for Android Developers. http://developer.android.com/reference/android/Manifest.permission.html, retrieved 11/03/2014.
37. Moto X: the Google phone that's always listening. http://www.telegraph.co.uk/technology/google/10217856/Moto-X-the-Google-phone-thats-always-listening.html, retrieved 05/09/2014.
38. Nauman, M., Khan, S., Othman, A.T. and Musa, S. Realization of a user-centric, privacy preserving permission framework for Android. Security Comm. Networks 8, 3, 2014, 368-382.
39. Nauman, M., Khan, S. and Zhang, X. Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints. In Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security. ACM, 2010, 328-332.
40. The new Moto X is 'always listening' - and so is the NSA!. http://www.techradar.com/us/news/phone-and-communications/mobile-phones/the-new-moto-x-is-always-listening-and-so-is-the-nsa-1170553, retrieved 17/09/2014.
41. Orthacker, C., Teufl, P., Kraxberger, S., Lackner, G., et al. Android Security Permissions - Can We Trust Them? In Security and Privacy in Mobile Information and Communication Systems. Springer Berlin Heidelberg, 2012, 40-51.
42. Rastogi, V., Chen, Y. and Enck, W. AppsPlayground: Automatic Security Analysis of Smartphone Applications. In Proceedings of the Third ACM Conference on Data and Application Security and Privacy. ACM, 2013, 209-220.
43. Report: 97% Of Mobile Malware Is On Android. This Is The Easy Way You Stay Safe. http://www.forbes.com/sites/gordonkelly/2014/03/24/report-97-of-mobile-malware-is-on-android-this-is-the-easy-way-you-stay-safe/, retrieved 22/09/2014.
44. Report: NSA among worst offenders of mass surveillance, Snowden says. http://edition.cnn.com/2013/11/03/world/europe/edward-snowden-manifesto/, retrieved 08/03/2014.
45. Review app permissions. https://support.google.com/googleplay/answer/6014972?p=app-permissions&rd=1, retrieved 11/09/2014.
46. Sadeh, N., Hong, J., Cranor, L., Fette, I., et al. Understanding and Capturing People's Privacy Policies in a Mobile Social Networking Application. Personal Ubiquitous Comput 13, 6, 2009, 401-412.
47. Sellwood, J. and Crampton, J. Sleeping Android: The Danger of Dormant Permissions. In Proceedings of the Third ACM Workshop on Security and Privacy in Smartphones & Mobile Devices. ACM, 2013, 55-66.
48. Shin, W., Kwak, S., Kiyomoto, S., Fukushima, K. and Tanaka, T. A Small But Non-negligible Flaw in the Android Permission Scheme. In International Symposium on Policies for Distributed Systems and Networks. IEEE, 2010, 107-110.
49. Truong, H.T.T., Lagerspetz, E., Nurmi, P., Oliner, A.J., et al. The Company You Keep: Mobile Malware Infection Rates and Inexpensive Risk Indicators. In Proceedings of the 23rd International Conference on World Wide Web. International World Wide Web Conferences Steering Committee, 2014, 39-50.
50. Tu, G.-H., Peng, C., Li, C.-Y., Ma, X., et al. Accounting for Roaming Users on Mobile Data Access: Issues and Root Causes. In Proceeding of the 11th Annual International Conference on Mobile Systems, Applications, and Services. ACM, 2013, 305-318.
51. Verizon's offer: Let us track you, get free stuff. http://money.cnn.com/2014/07/22/technology/mobile/verizon-tracking/index.html?hpt=hp-t2, retrieved 22/07/2014.
52. th Int. Software Testing, Verification and Validation Workshops (ICSTW), 2013, 435-440.
53. Yan, B. and Chen, G. AppJoy: personalized mobile application discovery. In MobiSys. New York, New York, USA, 2011, 113-126.
54. Yang, Z., Yang, M., Zhang, Y., Gu, G., et al. AppIntent: analyzing sensitive data transmission in android for privacy leakage detection. In Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security. ACM, 2013, 1043-1054.
55. Zhang, C., Sun, J., Zhu, X. and Fang, Y. Privacy and security for online social networks: challenges and opportunities. Network, IEEE 24, 4, 2010, 13-18.
56. Zhang, Y., Yang, M., Xu, B., Yang, Z., et al. Vetting Undesirable Behaviors in Android Apps with Permission Use Analysis. In Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security. ACM, 2013, 611-622.